ShinyHunters Leak 12.4 Million CarGurus Records in Massive Data Dump
Image: MargJohnsonVA/Envato Millions of CarGurus users may have had their personal and financial data exposed after a notorious threat actor...
have
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Ravie LakshmananFeb 25, 2026Artificial Intelligence / Vulnerability Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial...
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Ravie LakshmananFeb 25, 2026Cybersecurity / Malware Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET...
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious...
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a...
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster...
In 2026, Businesses Should Be Breach Ready and Never Shut Down Their Core Business
“We do not know how long this situation may last. As a precaution, all of our IT systems have...
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Ravie LakshmananFeb 20, 2026Vulnerability / Cyber Attack Threat actors have been observed exploiting a recently disclosed critical security flaw impacting...
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Ravie LakshmananFeb 20, 2026Malware / Threat Intelligence Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised...
Why AISPM Isn’t Enough for the Agentic Era
AI agents have quietly crossed a threshold. They are no longer confined to drafting emails or summarizing documents, but...
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden
Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data...
PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence (AI)...
Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users
Ravie LakshmananFeb 19, 2026Banking Malware / Mobile Security Cybersecurity researchers have disclosed details of a new Android trojan called Massiv...
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran's ongoing protests to conduct...
A Busy Week for Cybersecurity Speaking Engagements
I have a busy week with podcasts, webinars, and a keynote! Communicating and sharing is vital to the cybersecurity...
